Route Origin Authorization

$ rpki-client -vvf repository.lacnic.net/rpki/lacnic/D074091ABD4AC0C45CE98A084B2572D23DA224081356C9D61467810DBB6180CD/0/34352e36382e32312e302f32342d3234203d3e20323732313336.roa
File:                     34352e36382e32312e302f32342d3234203d3e20323732313336.roa (raw, json)
Hash identifier:          SWdI0BKDBKZEYeZqUf4JSXZuyZhmBFagTr3YKhqGCpI=
Subject key identifier:   67:A9:7E:B3:AC:2D:C3:80:A8:19:31:66:46:B0:AD:0B:55:07:32:B7
Certificate issuer:       /CN=03CA54765F0951D369734386CF982D71F5CB5403
Certificate serial:       082D4DCBB8AF268969416355DF11C97489FBB10B
Authority key identifier: 03:CA:54:76:5F:09:51:D3:69:73:43:86:CF:98:2D:71:F5:CB:54:03
Authority info access:    rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/03CA54765F0951D369734386CF982D71F5CB5403.cer
Subject info access:      rsync://repository.lacnic.net/rpki/lacnic/D074091ABD4AC0C45CE98A084B2572D23DA224081356C9D61467810DBB6180CD/0/34352e36382e32312e302f32342d3234203d3e20323732313336.roa
Signing time:             Tue 04 Feb 2025 18:46:37 +0000
ROA not before:           Tue 04 Feb 2025 18:41:37 +0000
ROA not after:            Tue 03 Feb 2026 18:46:37 +0000
asID:                     272136
IP address blocks:        45.68.21.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            08:2d:4d:cb:b8:af:26:89:69:41:63:55:df:11:c9:74:89:fb:b1:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03CA54765F0951D369734386CF982D71F5CB5403
        Validity
            Not Before: Feb  4 18:41:37 2025 GMT
            Not After : Feb  3 18:46:37 2026 GMT
        Subject: CN=67A97EB3AC2DC380A819316646B0AD0B550732B7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:9a:94:40:7d:3f:ee:53:fb:db:8d:01:41:b2:
                    7a:4f:96:46:40:b5:f2:ad:3c:84:c9:79:14:dc:89:
                    99:fe:79:3e:48:2b:82:fe:ac:c8:6c:f7:e8:5f:e0:
                    0a:9e:54:fc:ff:f8:3d:9e:e7:18:2e:74:cc:9d:d3:
                    37:1f:33:ac:88:0c:a7:c1:81:20:23:f0:5b:1c:42:
                    86:ff:65:f5:2a:2d:12:79:de:37:c9:ca:eb:02:80:
                    7e:82:90:fc:a5:d6:2a:cb:0a:57:04:40:ef:64:7c:
                    6f:92:98:18:58:fe:7e:29:50:f2:09:31:cd:25:81:
                    51:2d:69:c4:c8:58:ae:4b:a2:8e:ca:d7:69:3d:9a:
                    90:13:db:b9:90:a7:33:09:9c:eb:88:7c:f3:75:10:
                    da:99:8d:6b:6d:74:5c:01:2b:69:30:7d:cc:e7:97:
                    c5:39:7c:02:98:db:7e:16:bd:e2:c3:33:f9:dd:3a:
                    ef:c2:e6:36:3b:3a:57:e0:20:07:05:d0:ba:07:18:
                    c0:a3:9d:78:45:8f:05:d9:04:f3:f6:cf:99:79:34:
                    9b:71:b5:4d:c0:98:63:81:b6:f3:f2:d2:ff:db:f8:
                    ab:65:90:2d:3f:77:6d:87:bc:ac:1f:59:c2:97:85:
                    c3:9a:20:0a:a8:9a:ad:74:7a:7f:23:39:a6:4d:bb:
                    12:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:A9:7E:B3:AC:2D:C3:80:A8:19:31:66:46:B0:AD:0B:55:07:32:B7
            X509v3 Authority Key Identifier:
                keyid:03:CA:54:76:5F:09:51:D3:69:73:43:86:CF:98:2D:71:F5:CB:54:03

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repository.lacnic.net/rpki/lacnic/D074091ABD4AC0C45CE98A084B2572D23DA224081356C9D61467810DBB6180CD/0/03CA54765F0951D369734386CF982D71F5CB5403.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/03CA54765F0951D369734386CF982D71F5CB5403.cer

            Subject Information Access:
                Signed Object - URI:rsync://repository.lacnic.net/rpki/lacnic/D074091ABD4AC0C45CE98A084B2572D23DA224081356C9D61467810DBB6180CD/0/34352e36382e32312e302f32342d3234203d3e20323732313336.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.68.21.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8c:80:9a:6c:61:c4:54:ed:e4:19:8c:d4:ba:a7:1e:64:73:dc:
         8e:18:37:c2:97:88:5c:55:f8:0f:11:aa:d7:65:41:ca:44:43:
         1c:a8:8f:73:f0:b4:02:76:ef:c0:30:e6:24:f7:94:a0:15:c2:
         b1:17:63:5d:c4:a6:6a:12:e4:29:a1:f6:d6:1d:e4:d6:23:bf:
         69:47:88:82:ab:74:a4:6e:39:8e:91:59:47:aa:7c:46:a6:dc:
         09:84:c2:53:2b:0c:44:7c:65:02:77:58:5f:d5:35:b1:fa:02:
         e1:6b:39:3d:a9:fd:02:41:10:71:47:c0:e6:4d:f9:ef:d6:8e:
         84:b0:b8:fc:f5:ce:d9:38:ed:1d:39:0f:fd:3a:1f:6b:f6:f2:
         05:78:b5:ee:c0:57:37:00:b9:22:02:a5:82:f7:cd:a6:07:bf:
         b6:4d:74:f0:6f:7e:40:87:62:87:b0:fd:1f:8b:14:eb:d3:32:
         15:73:05:49:a5:45:9a:d2:07:03:f0:8b:1a:b3:ae:02:0e:53:
         99:7f:dd:29:36:73:ca:01:ff:49:84:f5:1a:29:eb:16:0c:59:
         d6:f5:14:30:e1:58:a9:ec:84:75:32:75:59:e2:04:0a:40:69:
         09:5c:0e:bf:89:fa:75:3e:47:40:7c:e2:e3:6c:38:67:c4:97:
         ed:54:01:fb
-----BEGIN CERTIFICATE-----
MIIFvDCCBKSgAwIBAgIUCC1Ny7ivJolpQWNV3xHJdIn7sQswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNDQTU0NzY1RjA5NTFEMzY5NzM0Mzg2Q0Y5ODJENzFG
NUNCNTQwMzAeFw0yNTAyMDQxODQxMzdaFw0yNjAyMDMxODQ2MzdaMDMxMTAvBgNV
BAMTKDY3QTk3RUIzQUMyREMzODBBODE5MzE2NjQ2QjBBRDBCNTUwNzMyQjcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDmmpRAfT/uU/vbjQFBsnpPlkZA
tfKtPITJeRTciZn+eT5IK4L+rMhs9+hf4AqeVPz/+D2e5xgudMyd0zcfM6yIDKfB
gSAj8FscQob/ZfUqLRJ53jfJyusCgH6CkPyl1irLClcEQO9kfG+SmBhY/n4pUPIJ
Mc0lgVEtacTIWK5Loo7K12k9mpAT27mQpzMJnOuIfPN1ENqZjWttdFwBK2kwfczn
l8U5fAKY234WveLDM/ndOu/C5jY7OlfgIAcF0LoHGMCjnXhFjwXZBPP2z5l5NJtx
tU3AmGOBtvPy0v/b+KtlkC0/d22HvKwfWcKXhcOaIAqomq10en8jOaZNuxIlAgMB
AAGjggLGMIICwjAdBgNVHQ4EFgQUZ6l+s6wtw4CoGTFmRrCtC1UHMrcwHwYDVR0j
BBgwFoAUA8pUdl8JUdNpc0OGz5gtcfXLVAMwDgYDVR0PAQH/BAQDAgeAMIGwBgNV
HR8EgagwgaUwgaKggZ+ggZyGgZlyc3luYzovL3JlcG9zaXRvcnkubGFjbmljLm5l
dC9ycGtpL2xhY25pYy9EMDc0MDkxQUJENEFDMEM0NUNFOThBMDg0QjI1NzJEMjNE
QTIyNDA4MTM1NkM5RDYxNDY3ODEwREJCNjE4MENELzAvMDNDQTU0NzY1RjA5NTFE
MzY5NzM0Mzg2Q0Y5ODJENzFGNUNCNTQwMy5jcmwwgbkGCCsGAQUFBwEBBIGsMIGp
MIGmBggrBgEFBQcwAoaBmXJzeW5jOi8vcmVwb3NpdG9yeS5sYWNuaWMubmV0L3Jw
a2kvbGFjbmljL0ZEQzM1OTRERDRFNTRCQURFNzA5QUMwRDI1NUNGMjc5QzQ3NzE2
RDJFOEIzRjRENDVEQzQ2MzU1ODk5QjM2RDQvMC8wM0NBNTQ3NjVGMDk1MUQzNjk3
MzQzODZDRjk4MkQ3MUY1Q0I1NDAzLmNlcjCBxQYIKwYBBQUHAQsEgbgwgbUwgbIG
CCsGAQUFBzALhoGlcnN5bmM6Ly9yZXBvc2l0b3J5LmxhY25pYy5uZXQvcnBraS9s
YWNuaWMvRDA3NDA5MUFCRDRBQzBDNDVDRTk4QTA4NEIyNTcyRDIzREEyMjQwODEz
NTZDOUQ2MTQ2NzgxMERCQjYxODBDRC8wLzM0MzUyZTM2MzgyZTMyMzEyZTMwMmYz
MjM0MmQzMjM0MjAzZDNlMjAzMjM3MzIzMTMzMzYucm9hMBgGA1UdIAEB/wQOMAww
CgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAtRBUwDQYJ
KoZIhvcNAQELBQADggEBAIyAmmxhxFTt5BmM1LqnHmRz3I4YN8KXiFxV+A8Rqtdl
QcpEQxyoj3PwtAJ278Aw5iT3lKAVwrEXY13EpmoS5Cmh9tYd5NYjv2lHiIKrdKRu
OY6RWUeqfEam3AmEwlMrDER8ZQJ3WF/VNbH6AuFrOT2p/QJBEHFHwOZN+e/WjoSw
uPz1ztk47R05D/06H2v28gV4te7AVzcAuSICpYL3zaYHv7ZNdPBvfkCHYoew/R+L
FOvTMhVzBUmlRZrSBwPwixqzrgIOU5l/3Sk2c8oB/0mE9Rop6xYMWdb1FDDhWKns
hHUydVniBApAaQlcDr+J+nU+R0B84uNsOGfEl+1UAfs=
-----END CERTIFICATE-----